Executive Summary
Currently, little is known about the scale and scope of online stolen data markets, including how these markets operate and the actors involved in these operations. As governments, businesses, and consumers increasingly move to the internet to manage their finances and operations, parallel increases in the number of data breaches and hacking incidents have emerged. Absent data on online stolen data markets, one of the main challenges facing researchers and policy markets is how to effectively respond to and disrupt these emerging illicit markets.
The current report: 1) compiles and analyzes a longitudinal dataset of online stolen data marketplaces over an eight-month period from September 1, 2020 to April 30, 2021, and 2) assesses the resilience of online stolen data marketplaces to a law enforcement disruption.
The report is divided into four sections. The first section examines trends across online stolen data marketplaces, including changes in the number of listings, vendors, and transactions over time. The second section explores vendor-level trends, focusing on a subset of vendors responsible for the highest volume of listings and sales, and examining their activity across the different marketplaces. The third section maps out the networks of online stolen data marketplaces to assess the impact of a law enforcement intervention on vendor migration to new markets. The fourth section moves from online stolen data marketplaces on the dark web to stolen data markets on Telegram, an app-based messaging service that has increasingly been used to sell illicit goods. Specifically, section describes the groups and channels’ active in stolen data and then hone in on one of the largest stolen data groups to explore its operations over time. We conclude by discussing the value of longitudinal datasets for studying online stolen data markets and the policy implications of our findings. Read more…